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Amendments in the Claims 

1 . (Currently Amended) A network security system, comprising: 

a static policy data store having a static policy data attribute ; 

a dynamic policy data store for tracking a threat level associated with a connection, the 
dynamic poUcv data store having a dynamic poUcv data attribute : and 

an authorization enforcement facility (AEF) in communication with saM tiie static poUcy 
data store and swd tiie dynamic policy data store and operable to perform a risk-aware analysis 
of a the connectio n to determine the threat level associated with the connecti on based at least in 
part on the static policy data attribute . 

2. (Currently Amended) The network security system of claim 1 , wherein said the static 
policy data store comprises at least one of a constraint, a role, a node-role assignment, a 
threshold value, a node value, a service value, easA or an action value. 

3 . (Currently Amended) The network security system of claim 2, wherein sea4 tiie threshold 
value is inversely proportional to sm4 tiie node value. 

4. (Currently Amended) The network security system of claim 2, wherein said tiie threshold 
value is inversely proportional to said node the service value. 

5 . (Currently Amended) The network security system of claim 1 , wherein sea4 tiie dynamic 
policy data store comprises a threat level table. 

6. (Currently Amended) The network security system of claim 1 , wherein said &e AEF is 
further operable to generate a response to s^d jflie connection. 

7. (Currently Amended) The network security system of claim 6, wherein said the response 
comprises at least one of blocking the source of said the connection from connecting to an 
intended destination, altering said tiie intended destination of seM the connection, and OLauditing 
said ttie connection. 
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8 . (Currently Amended) The network security system of claim 1 , wherein said ^ AEF is 
further operable to generate a countermeasure. 

9. (Currently Amended) The network security system of claim 8, wherein said &e whoroin 
said countermeasure comprises an active countermeasure or a passive countermeasure. 

1 0. (Currently Amended) The network security system of claim 1 , wherein said tiie AEF 
comprises a router, a gateway, a hardware apphance, or a web server. 

1 1 . (Currently Amended) The network security system of claim 1 , further comprising a 
firewall in communication with said tiie AEF. 

12. (Currently Amended) The network security system of claim 1 , further comprising an 
intrusion detection system in communication with s«d tiie AEF. 

1 3 . (Currently Amended) A method comprising: 

receiving a static policy data attribute fi:om a static pohcy data store; 
receiving a connection request directed to a node; 

receiving a dynamic poUcy data attribute from a dynamic policy data store; 

determining a threat level associated with w hether said the connection request4s 



dyntmiic policy data attribute.i and 

storing the threat level associated with the connection request as a dynamic policv data 
attribute in a dynamic poUcv data store. 

14. (Currently Amended) The method of claim 13, further comprising responding to 
said tiie connection request. 



based at least in part on said the static policy data attribute 
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1 5. (Currently Amended) The method of claim 14, wherein responding comprises at least 
one of forwarding the connection request to said tiie node; blocking the source of said tiie 
connection from connecting to an intended destination, altering said the intended destination of 
ses4 tiie connection, aed OT.auditing said tiie connection. 

1 6. (Currently Amended) The method of claim 13, further comprising updating said &e 
dynamic policy data attribute in said &e dynamic policy data store based on a result of said tiie 

determinationing . 

1 7. (Currently Amended) The method of claim 4516, wherein saM tiie updating comprises 
increasing athe threat level if the coimection request is determined to be anomalous. 
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